A stack-based buffer overflow in SNI Proxy, in parsing Hostnames to determine where to redirect traffic to the application would The vulnerability exists when aprsing IPv6 blocks, it’ll calculate the source length by looking for the end ] character, and then copy those characters into the target buffer. While it does “limit” the copy, it limits it based on the source length rather than the destination buffer size allowing for an overflow.